[jboss-jira] [JBoss JIRA] (AS7-6489) Ensure JBoss 7.2.0-Alpha1 mgmt user session invalidated if user doesn't exist

Gary Weaver (JIRA) jira-events at lists.jboss.org
Fri Feb 8 16:53:51 EST 2013 

    [ https://issues.jboss.org/browse/AS7-6489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12753122#comment-12753122 ] 

Gary Weaver commented on AS7-6489:
----------------------------------

Yes.
                
> Ensure JBoss 7.2.0-Alpha1 mgmt user session invalidated if user doesn't exist
> -----------------------------------------------------------------------------
>
>                 Key: AS7-6489
>                 URL: https://issues.jboss.org/browse/AS7-6489
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Domain Management
>    Affects Versions: 7.2.0.Alpha1
>         Environment: Ubuntu 12.04.2 LTS, java version "1.7.0_06"
> Java(TM) SE Runtime Environment (build 1.7.0_06-b24)
> Java HotSpot(TM) 64-Bit Server VM (build 23.2-b09, mixed mode), built JBoss 7.2.0.Alpha1-SNAPSHOT (code current from this morning EST- 2013-02-08 13:54 UTC)
>            Reporter: Gary Weaver
>            Assignee: Darran Lofthouse
>            Priority: Minor
>
> Had browser open much earlier today and logged into old JBoss 7.1.1.FINAL JBoss management console. Built/setup JBoss 7.2.0-Alpha1 from github jbossas/jboss-as master up-to-date as of earlier this morning. Started server and was no management user so it showed the page indicating that I could not login because there was no user. Added user and refreshed page and I was logged-in. I could be imagining things, but it might be good to check that current session is invalidated in management session if the user doesn't exist. (Also, there is no command to remove a user while the server is up that I can see; if there were, I'd try removing the user, hitting the page to validate I couldn't get in, and then hit it again to try to confirm; but, if no one has complained about the lack of remove-user, then I guess it isn't required.)
> Thanks!

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list